Firm’s Guide to the Consolidated Audit Trail

The Securities and Exchange Commission (SEC) is creating a Consolidated Audit Trail (CAT) that would enable regulators to track all activity throughout the U.S. for listed-equities and options.

SIFMA has published a Firm’s Guide to the Consolidated Audit Trail, which is intended to educate industry members on the CAT, enable a detailed understanding of the regulation and provide considerations for implementation including a readiness checklist.

Updated August 20, 2019

For additional information on this topic, please contact Ellen Greene, Managing Director, SIFMA.

This Guide is not a replacement for or an interpretation of the regulatory requirements as communicated on www.CATNMSplan.com. Firms should monitor the CAT NMS Plan website for further updates and announcements.

SIFMA makes no representation, warranties or guarantees, express or implied, as to the accuracy, completeness, timeliness, or continued availability of this document or any other on our website. SIFMA has no obligation to correct, supplement, update, or maintain this document. This document is intended for general informational purposes only, and is not intended to provide, and does not constitute, investment, tax, business or legal advice to any individual or entity. Readers are urged to consult with their own advisors before taking actions based on this document or any documents available through our website or any website to which we link.

 

Excerpt

Executive Summary

I. Background on Rule 613, Plan Processor and CAT NMS LLC The United States (US) Securities and Exchange Commission (SEC) adopted SEC Rule 613 (Rule 613) in 2012 to create the Consolidated Audit Trail (CAT) intended to allow regulators to monitor activity in National Market System (NMS) securities throughout the US markets. In November 2016, the SEC approved the CAT NMS Plan, which was submitted by the Self-Regulatory Organizations (SROs). The CAT NMS Plan outlines a broad framework for the creation, implementation, and maintenance of the CAT.

Jointly formed by the SROs, CAT NMS LLC was jointly formed by the SROs to coordinate and collectively select a Plan Processor, thus making the CAT a “facility” of each SRO. The selected Plan Processor is responsible for performing the processing functions required under Rule 613 and the CAT NMS Plan. The Operating Committee of CAT NMS LLC, a governing body composed of representatives of the SROs, oversees the operation of the CAT. On a functional level, CAT will collect information on quotes, orders, routes, and trade execution for exchange-listed equities and options throughout the US NMS, including related events such as cancellations, modifications and acceptances of an order or route.

II. Impact to Firms, Product Scope and Timelines The (CAT) applies to all US exchanges and Firms, including Alternative Trading Systems (ATSs), registered with an SRO and unlike the Order Audit Trail System (OATS), there are no broker-dealer exemptions from reporting requirements. Any broker-dealer that is a member of a national securities exchange or Financial Industry Regulatory Authority (FINRA) and handles orders must report to CAT. Eligible securities include NMS stocks, listed options, and over-the-counter (OTC) equity securities. Firms need to report market transaction data (“Reportable Events”) to the CAT in a format(s) specified by the Plan Processor, approved by the Operating Committee and compliant with Rule 613. Scope and timelines are further discussed in section 3 of this Guide. These events cover the end-to-end lifecycle of a trade, including but not limited to, quotes, original receipts or originations of an order, modifications, cancellations, routing, receipts of a routed order execution (in whole or in part), and ultimately order allocations. As indicated in this Guide and elaborated on CATNMSplan.com, these events will be reportable in different phases in the CAT implementation timeline, starting in April 2020, as shown in Figure 1.0.1.

Figure 1.0.1: Phased Implementation Timeline

Additionally, CAT has different timelines for the implementation of the phases indicated in Figure 1.0.1 for large Firms and small Firms. Specific implementation dates and definitions of Firm size will be discussed in detail in section 4 of this Guide. Later scheduled phases include allocations and customer information, but details regarding implementation have not been finalized and published at the time of writing of this Guide.

III. Reportable events, scenarios & fields (in excess of OATS), Error corrections and FAQs The Industry Member Technical Specificationsfor equities and simple option (Phases 2a and 2b), provides an overview to the requirements of reporting to CAT by Firms. It  provides detailed information about data elements, data types, order events and file formats for the in-scope products that are required to be reported. It also describes how Firms must submit files to CAT, including access instructions, network and transport options, error corrections and testing requirements.

A separate companion document to the Industry Member Technical Specifications is also available on CATNMSplan.com, titled CAT Industry Member Reporting Scenarios, which contains reporting scenario examples and can be used to determine how event types and field values should be applied while reporting various order handling and execution scenarios for equities and simple options. Section 5 of this Guide provides an overview of the Industry Members Technical Specifications and the CAT Industry Member Reporting Scenarios documents. Firms should refer to these documents, as well as the FAQs, published on CATNMSplan.com, to gain an understanding of the approved and up-to-date reporting requirements for CAT. Firms should understand that CAT is more than an evolution of FINRA’s OATS. CAT will include a substantial number of additional requirements, such as options data, allocations, and customer data that are not considered within the current OATS requirements. CAT has a shorter error correction window than OATS. Errors must be corrected within three trading days (T+3) of the Reportable Event. Introducing Firms will also have greater reporting obligations under CAT as compared to OATS. A summarized comparison between CAT and OATS reporting requirements is presented in section 5.9 of this Guide.

IV. Operational considerations including architecture, vendors, controls and governance, connectivity and testing The CAT reporting requirements may necessitate Firms to evaluate their current policies and procedures, reporting architecture, controls framework and/or governance models to confirm timely and correct data reporting. Firms should consider assessing data sources, mapping their data to the technical specifications of CAT, identifying and addressing potential gaps and remediating any observed data anomalies. Source data would flow through several steps, including enrichment, validation controls, and submission formatting for CAT reporting. There are several considerations such as using a centralized or federated model, buying or building in-house solutions, utilizing the services of a third-party vendor or any combination of these factors. Data and technical architecture considerations are discussed in section 6 of this Guide.

Figure 1.0.2: Components of a Conceptual Architecture

Operational processes including CAT submission management and exception management, will also be important components of a sustainable solution. The aggregation and transmission of CAT data also introduces several security considerations since CAT requires that data be protected at rest and in transit. Firms that are making changes to their systems and operations for CAT, will need to plan ahead to meet the industry timelines. Connectivity testing begins in September 2019 and industry testing of CAT submissions begins in December 2019. Firms should consider performing internal testing of their systems and processes for CAT Reporting in preparation for the industry go-live timelines. To maintain CAT compliance over time, an effective control framework and governance model that can monitor the timeliness, accuracy and completeness of CAT submissions and error corrections, as well as manage changes to the business, products, systems and regulations that may impact a Firm’s CAT reporting solution(s) should be considered. Third party services as part of a Firm’s CAT solution may also introduce some risks to be managed. Governance models and controls frameworks are discussed in section 7 of this Guide.

V. Other considerations

In addition to the CAT reporting requirements and considerations for implementing CAT reporting solutions, Firms should consider technological, regulatory and operational challenges that may arise in the preparation and data reporting stages of CAT reporting. New data types such as the Firm Designated ID (FDID) and products such as options may require greater attention as they are not currently reported to OATS. Firms who are also OATS Reporters, should also consider the challenges in parallel reporting to
OATS and CAT, as the retirement plan for OATS is not yet final.

From an operational perspective, registration for CAT will require Firms to identify Principal, Primary, and Secondary contact individuals as well as the CAT Reporter (Firm or vendor if applicable). These terms will be defined and expanded upon later in this Guide. Firms should consider whether their business continuity, disaster recovery and contingency plans need to be (re)assessed and adjusted to perform in conjunction with CAT requirements and in accordance to Firm specific capabilities. Additionally, Firms may want to consider the potential advantages and disadvantages of client account holder notifications indicating that. Firms should assess if there are any incremental responsibilities, in relation to applicable laws and regulations, beyond those included in current client account agreements which would extend to CAT. It should be noted that at the time of writing this Guide, CAT does not have an additional regulatory requirement for client communications. Technology challenges include integrity and consistency of the data as it flows through internal systems as well as third-party vendors. Regulatory challenges include supporting parallel reporting regimes (e.g. OATS, Blue Sheets) alongside CAT, as well as being prepared for regulators to have an increased understanding of Firms’ markets activities and responding to regulator inquiries about their CAT submissions.

Firms should consider their current capabilities in relation to CAT readiness and in light of operational, technological and regulatory challenges, including but not limited to those identified in this Guide. Section 8.10 includes a checklist that Firms could leverage to perform an assessment to understand their CAT readiness status.

Finally, Firms should make sure that they comply with immediate requirements for CAT, including  registration with the Plan Processor, meeting clock synchronization requirements, and preparing for connectivity testing in Q3 2019.